CILogon Staff Investigate Impact of TLS Vulnerability

Post date: Nov 12, 2009 9:46:52 PM

Jim Basney and Von Welch participated in a Globus Security Committee investigation into the impact of the recently disclosed man-in-the-middle vulnerability in the TLS protocol (CVE-2009-3555). The TLS protocol is used throughout the Globus Toolkit and other CI software. The committee concluded (see the announcement) that Globus Toolkit services, including MyProxy and GSI-OpenSSH, are not affected by the vulnerability because they do not support TLS renegotiation after receiving application-level protocol data. Assisting with Globus Toolkit security issues is one of the community support activities of the CILogon project.